Performance Comparison

Finally, we compare Null Keysalgorithm to another security scheme for network coding that uses homomorphic hashing. The hash verification presented by Krohn et al. in [23] guarantees a high level of security since it is collision-free. However, as show in Section 3.3.3, homomorphic hashes require heavy computations and cryptographic overhead. Our verification process, shown in Equation (3.2), can be around seven hundred times faster than the hash verification. Since homomorphic hashes are computationally expensive,

3.5. SIMULATIONS 49 they require that nodes check blocks probabilistically as in cooperative security, proposed by Gkantsidis et al.[17].

In their model, Gkantsidis et al. use homomorphic hashing to check for malicious blocks. The nodes perform probabilistic verifications in order to reduce the computation cost imposed by homomorphic hashes. In order not to weaken the verification process, they proposed that nodes cooperate in checking for malicious blocks. Whenever a node detects the presence of bogus blocks, it sends alert messages to neighbor nodes. To compare both security approaches, we implemented the cooperative security scheme. We assume, as in [17], instantaneous propagation of alert messages. A node checks blocks with probability pc. Once a malicious block is detected, all the infected nodes are

informed. A node sends alert messages to the upstream nodes that have sent unsecured blocks, and downstream nodes that have received unsecured blocks. In our model, the graph is directed, however we assume that alert messages can propagate to upstream nodes.

In Figure 3.13, we show the percentage of corrupted nodes achieved in both Null Keys and cooperative security schemes in the same network model as a function of the percentage of malicious nodes. We used a random topology consisting of 1000 nodes where the connection probabilitypis set to 0.5%. We clearly see thatNull Keysalgorithm guarantees a better protection than cooperative security against jamming attacks. Under the attack of the same percentage of malicious nodes, our security scheme limits the pollution spread better than cooperative security, even for a checking probability of 40%. As pc increases the percentage of corrupted nodes decreases, but the computation costs

augment. Note that when the percentage of malicious nodes is greater than 20%, the slow increase in the corruption can be explained by the overlap in the affected regions. In

3.5. SIMULATIONS 50 10 20 30 40 0 10 20 30 40

Percentage of Malicious Nodes

Percentage of Corrupted Nodes

Pc=1% Pc=5% Pc=20% Pc=40% NK

Figure 3.13: Comparison betweenNull Keys and cooperative security performances in a random network of 1000 node with p = 0.5%. NK refers to Null Keys and pc refers to

the probabilistic checking in cooperative security.

fact, when the polluted regions overlap, the same block can be corrupted multiple times. Hence, all overlapping attacks can be discovered once this block is detected. Another drawback of cooperative security is that a node stops using unsecured blocks when an alert message is received which alters the network performance since non-corrupted blocks can be part of theses unsecured blocks. The cleaning process is slow since homomorphic hashing is used. On the other hand,Null Keys algorithm uses a fast verification to check the integrity of the data blocks and hence does not impose any significant delay on their propagation.

In addition, the edge connection probabilityp does not change the results in the case of cooperative security, as claimed in [17]. However, for larger values of p, our security approach can perform even better as shown in Figure 3.4. Indeed, in the comparison, the edge connection probability is set to 0.5%, which is the worst case in Figure 3.4.

3.5. SIMULATIONS 51 Also, in the case of cooperative security, the corruption is dynamic. In contrast with our approach, the corruption state of the nodes always varies. Depending on which nodes perform the verification check and how the alert messages propagate, the corruption of the nodes varies. Hence, the locations of malicious nodes cannot be approximated. However, Null Keys algorithm proved to drive the network to a stable corruption state with a limited damage.

Chapter 4

Progressive Encoding for Network

Diagnosis

In this Chapter, we present a trace collection protocol that utilizes progressive encoding to disseminate peers vital statistics, referred to as snapshots, in the network. We focus on the scalability of the protocol and its resilience to high level of peer dynamics. The peers cooperate by allocating cache capacity for snapshots generated by other peers. Our results show that the server is able to decode most of the snapshots generated under large-scale peer departures.

4.1

Motivation and Objective

In this part of the thesis, we seek to solve the problem of monitoring large-scale peer- to-peer systems using a trace collection protocol that allows the server to gather mea- surements from the participating peers. The main requirement is to collect most of the traces from a highly dynamic large-scale peer-to-peer system. The traditional solution

4.1. MOTIVATION AND OBJECTIVE 53 involves sending periodic reports to a centralized server, as in UUSee [1]. Those periodic snapshots represent a large traffic volume that can shut down the server. Due to the lim- ited server bandwidth, the traces should be disseminated in the network first and then, collected by the server in a delayed fashion, in order to gather snapshots from the peers that have already left the session. To tolerate snapshot losses due to peer dynamics, some redundancy should be injected in the network. In order to increase data diversity and to be resilient to losses and failures, network coding is applied to disseminate the traces such that only coded blocks are exchanged and stored in the network.

The main advantage of using network coding is to increase the diversity of the data blocks to effectively disseminate the traces in the network. Instead of introducing redun- dant blocks in the network, the peers exchange coded blocks to resist peer departures. These coded blocks are used to reconstruct the traces even after the departure of the sources. We believe, however, that the challenge is to find a practical way of using net- work coding for live trace generation. The key factor is the segment size that allows the protocol to scale and tolerate peer dynamics. A segment is a group of blocks on which random linear codes are applied. If we choose a segment size equal to the number of participating peers, we would limit the scalability of the protocol. In fact, the coded blocks would contain all the original blocks generated during an epoch and thus their sizes grow with the network size. On the other hand, if we reduce the segment size to the number of blocks generated by a single peer during an epoch, we would limit the blocks diversity. Note that the peers cannot wait for a long period of time before encoding their data, since their traces would be lost at the time they depart. In order to allow our protocol to scale and, at the same time, increase the diversity of the exchanged blocks, we propose to use progressive encoding to disseminate the traces. Our protocol adapts

4.2. PROTOCOL OVERVIEW 54